From b697863f5f79761223b352cbed32426bdf63b308 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 12 May 2026 11:48:01 +0000 Subject: [PATCH] feat: set default cpuShares to 1024 in ContainerDefinitionFetcher Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/d051ae44-c6c5-476d-9217-425945116a19 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com> --- compose.yaml | 2 +- multiple-instances.md | 2 +- php/containers-schema.json | 3 +++ php/containers.json | 27 +++++++++++++++++--------- php/src/Container/Container.php | 1 + php/src/ContainerDefinitionFetcher.php | 6 ++++++ php/src/Docker/DockerActionManager.php | 5 +++++ readme.md | 6 +++--- reverse-proxy.md | 6 +++--- 9 files changed, 41 insertions(+), 17 deletions(-) diff --git a/compose.yaml b/compose.yaml index c3b95a42..bddc0215 100644 --- a/compose.yaml +++ b/compose.yaml 
@@ -4,7 +4,7 @@ services: image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart - cpu_shares: 2048 # This gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. See https://docs.docker.com/reference/compose-file/services/#cpu_shares + cpu_shares: 4096 # This gives the mastercontainer four times the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. See https://docs.docker.com/reference/compose-file/services/#cpu_shares container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work diff --git a/multiple-instances.md b/multiple-instances.md index 52509037..8a17c2ad 100644 --- a/multiple-instances.md +++ b/multiple-instances.md @@ -144,7 +144,7 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi --name nextcloud-aio-mastercontainer \ --restart always \ --publish 8080:8080 \ - --cpu-shares 2048 \ + --cpu-shares 4096 \ --env APACHE_PORT=11000 \ --env APACHE_IP_BINDING=0.0.0.0 \ --env TALK_PORT=3478 \ diff --git a/php/containers-schema.json b/php/containers-schema.json index fc0e03dc..e4ac728a 100644 
--- a/php/containers-schema.json +++ b/php/containers-schema.json @@ -141,6 +141,9 @@ "shm_size": { "type": "integer" }, + "cpu_shares": { + "type": "integer" + }, "secrets": { "type": "array", "items": { diff --git a/php/containers.json b/php/containers.json index df841f44..0114bacf 100644 --- a/php/containers.json +++ b/php/containers.json @@ -81,7 +81,8 @@ ], "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-database", @@ -138,7 +139,8 @@ ], "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-nextcloud", @@ -280,7 +282,8 @@ ], "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-notify-push", @@ -321,7 +324,8 @@ "read_only": true, "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-redis", @@ -363,7 +367,8 @@ "read_only": true, "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-collabora", @@ -609,7 +614,8 @@ "tmpfs": [ "/tmp", "/nextcloud_aio_volumes" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-watchtower", @@ -632,7 +638,8 @@ "read_only": true, "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-domaincheck", @@ -877,7 +884,8 @@ ], "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-harp", @@ -918,7 +926,8 @@ ], "cap_drop": [ "NET_RAW" - ] + ], + "cpu_shares": 2048 }, { "container_name": "nextcloud-aio-whiteboard", diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php index 6b6c5af9..9c62fe67 100644 --- a/php/src/Container/Container.php +++ b/php/src/Container/Container.php @@ -28,6 +28,7 @@ readonly class Container { /** @var string[] */ public array $capAdd, public int $shmSize, + public int $cpuShares, public bool $apparmorUnconfined, /** @var string[] */ public array $backupVolumes, 
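Review bot: The `cpu_shares` property added after `shm_size` in php/containers-schema.json is typed only as `integer`, so zero, negative numbers and weights above the mastercontainer's 4096 all validate. The weighting exists to keep the mastercontainer responsive under load from sibling containers, so a bound here would stop a mis-edited definition from outranking it. I would add at least `"minimum": 1`, plus a `"maximum"` below the mastercontainer's weight, with the exact ceiling left to the maintainers. The same value passes unchecked through the `isset($entry['cpu_shares'])` branch in ContainerDefinitionFetcher.php, and DockerActionManager.php only tests `> 0`, so within this patch the schema is the natural place to enforce a range.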
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index e4625a24..c5d9bf94 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -303,6 +303,11 @@ readonly class ContainerDefinitionFetcher { $shmSize = $entry['shm_size']; } + $cpuShares = 1024; + if (isset($entry['cpu_shares'])) { + $cpuShares = $entry['cpu_shares']; + } + $apparmorUnconfined = false; if (isset($entry['apparmor_unconfined'])) { $apparmorUnconfined = $entry['apparmor_unconfined']; @@ -361,6 +366,7 @@ readonly class ContainerDefinitionFetcher { $enableNvidiaGpu, $capAdd, $shmSize, + $cpuShares, $apparmorUnconfined, $backupVolumes, $nextcloudExecCommands, diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index ca6a4d72..19880e7a 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -374,6 +374,11 @@ readonly class DockerActionManager { $requestBody['HostConfig']['ShmSize'] = $shmSize; } + $cpuShares = $container->cpuShares; + if ($cpuShares > 0) { + $requestBody['HostConfig']['CpuShares'] = $cpuShares; + } + $tmpfs = []; foreach ($container->tmpfs as $tmp) { $mode = ""; diff --git a/readme.md b/readme.md index d092a296..8df0e36c 100644 --- a/readme.md +++ b/readme.md @@ -202,7 +202,7 @@ sudo docker run \ --publish 80:80 \ --publish 8080:8080 \ --publish 8443:8443 \ - --cpu-shares 2048 \ + --cpu-shares 4096 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ ghcr.io/nextcloud-releases/all-in-one:latest 
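Review bot: The literal `1024` in the first ContainerDefinitionFetcher.php hunk is unexplained, and it changes behaviour for every container definition that has no `cpu_shares` key. Because the fallback is positive, the `if ($cpuShares > 0)` guard in DockerActionManager.php always passes for those containers and an explicit weight is sent to Docker. A short comment would record the intent, for example `// 1024 is Docker's default CPU share weight; containers without cpu_shares keep stock priority`. The value from `$entry['cpu_shares']` is also assigned without an `is_int` or range check, which matches the neighbouring `shm_size` handling but leaves validation entirely to the schema. The enclosing method begins and ends outside the hunk.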
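Review bot: `CpuShares` as set in the DockerActionManager.php hunk is a relative weight that only matters when containers contend for CPU, so it does not cap what a sibling container can consume, and the new lines carry no comment saying so. I would add a comment above the assignment such as `// CpuShares is a relative scheduling weight under contention, not a hard limit; values <= 0 are omitted so Docker applies its default`. If a hard per-container ceiling is ever wanted for isolation, that would be a separate HostConfig setting, not a different share value. The enclosing method starts and ends outside the hunk.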
@@ -219,7 +219,7 @@ sudo docker run \ - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy. - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`). - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy. - - `--cpu-shares 2048` — gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. + - `--cpu-shares 4096` — gives the mastercontainer four times the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it. - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` — mounts the Docker socket (read-only) so the mastercontainer can manage other containers. On Windows/macOS or when using rootless Docker, this path may need adjustment; see the platform-specific docs. If you change the socket path, also set `WATCHTOWER_DOCKER_SOCKET_PATH` accordingly. If you prefer not to expose the socket, see the manual-install documentation: [Manual install without docker socket access](https://github.com/nextcloud/all-in-one/tree/main/manual-install) - `ghcr.io/nextcloud-releases/all-in-one:latest` — the mastercontainer image. 
@@ -705,7 +705,7 @@ docker run ^ --publish 80:80 ^ --publish 8080:8080 ^ --publish 8443:8443 ^ ---cpu-shares 2048 ^ +--cpu-shares 4096 ^ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^ --volume //var/run/docker.sock:/var/run/docker.sock:ro ^ ghcr.io/nextcloud-releases/all-in-one:latest diff --git a/reverse-proxy.md b/reverse-proxy.md index 25d86325..c0df44a2 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1105,7 +1105,7 @@ sudo docker run \ --name nextcloud-aio-mastercontainer \ --restart always \ --publish 8080:8080 \ ---cpu-shares 2048 \ +--cpu-shares 4096 \ --env APACHE_PORT=11000 \ --env APACHE_IP_BINDING=0.0.0.0 \ --env APACHE_ADDITIONAL_NETWORK="" \ 
@@ -1125,7 +1125,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail. - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/ - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080). -- `--cpu-shares 2048` This gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. +- `--cpu-shares 4096` This gives the mastercontainer four times the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at. - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container) - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below) 
@@ -1156,7 +1156,7 @@ docker run ^ --name nextcloud-aio-mastercontainer ^ --restart always ^ --publish 8080:8080 ^ ---cpu-shares 2048 ^ +--cpu-shares 4096 ^ --env APACHE_PORT=11000 ^ --env APACHE_IP_BINDING=0.0.0.0 ^ --env APACHE_ADDITIONAL_NETWORK="" ^